46 lines
1.5 KiB
Django/Jinja
46 lines
1.5 KiB
Django/Jinja
services:
|
|
vaultwarden:
|
|
image: vaultwarden/server:latest
|
|
environment:
|
|
- TZ=Europe/Berlin
|
|
- DOMAIN=https://vault.lehmannhaus.de # z.B. https://vw.example.home oder http://localhost:8080
|
|
- ADMIN_TOKEN=${ADMIN_TOKEN} # starkes Token für Admin-Panel
|
|
- SIGNUPS_ALLOWED=false # Family: Accounts nur via Einladung
|
|
- WEBSOCKET_ENABLED=true # auf true setzen, wenn du Port 3012 mappst
|
|
- LOG_FILE=/data/vaultwarden.log
|
|
- LOG_LEVEL=info
|
|
|
|
- SMTP_HOST=mail.gmx.net
|
|
- SMTP_FROM="Vaultwarden <info.lehmannhaus@gmx.de>"
|
|
- SMTP_PORT=587
|
|
- SMTP_SECURITY=starttls
|
|
- SMTP_TIMEOUT=15
|
|
- SMTP_USERNAME=info.lehmannhaus@gmx.de
|
|
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
|
|
|
# ---- OIDC / SSO (Vaultwarden >= v1.34) ----
|
|
- SSO_ENABLED=true
|
|
- SSO_ONLY=false # true = nur SSO-Login erlauben
|
|
- SSO_AUTHORITY=https://cloud.lehmannhaus.de
|
|
- SSO_CLIENT_ID=${SSO_CLIENT_ID}
|
|
- SSO_CLIENT_SECRET=${SSO_CLIENT_SECRET}
|
|
- SSO_SCOPES=openid profile email # Nextcloud: üblicherweise diese drei
|
|
- SSO_PKCE=true
|
|
|
|
restart: always
|
|
ports:
|
|
- '8080:80'
|
|
- '3012:3012'
|
|
volumes:
|
|
- {{ service_directory }}/data:/data
|
|
networks:
|
|
- default
|
|
|
|
networks:
|
|
default:
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 172.9.0.0/16
|
|
gateway: 172.9.0.1
|